So, just when we've about beaten the topic of HS CAN Bus diagnostics into relative "submission", the need for "intrusion prevention" takes it to the next level with the adoption of "Isolated" Networks. There is purposely no vehicle identified in the fields, because the topic lends itself to new platforms as they come to market.
With High Speed CAN Bus being such a popular topic in various forums and many technicians now being able to diagnose system maladies with relative ease, isolated networks make it rather more challenging. Since I focus on GM products, I created a "simple" slide that is "very loosely" based on a 2018 GMC Terrain, to demonstrate the Bus topology. It is by no means complete, but rather a representation of how the networks are connected with this new layer of protection.
I intentionally omitted a multitude of other networks that are interconnected, so the slide focuses on only LS and HS GM LAN. It demonstrates how these and for that matter the other networks (not shown) are protected from intrusion by passing through the K56 Serial (Central) Gateway Module. This will make for more of a diagnostic challenge than when LS and HS GM LAN were "out in the open", as used on earlier platforms.
We no longer are able to "see" all of the modules on a network, due to there being what can be called a "clean" side and a "dirty" side. Consider the "dirty" side, as once being an easy point of access for hackers to vehicle critical systems, via insertion of customer devices and other methods.
Isolating modules on the same bus, makes for a rather more complex diagnostic path, that will be more heavily reliant on scan data, DTCs and performing intrusive testing with a Digital Multi-Meter to obtain various measurements on physical wiring, inline and component connections. Diagnosis will involve gathering necessary information such as DTCs and symptoms, then following SI down the "path of righteousness", step by step. While I am sure that testing will become a more comfortable and familiar process in due course, we can and should expect that there will be a learning curve.
Will dragging out a DSO be of any real use? That is your call to make, but I've always been one for using the simplest method of capturing information useful to make a quick diagnosis. However, I do use a DSO for case studies for the visual effect, or in the lab to demonstrate types of signals that we are measuring.
Whatever the tool of preference, there is no longer opportunity for "down and dirty" quick testing via the DLC, as in the past. Quite simply, "you can't get there from here" anymore. So, access to the physical bus with the "firewall" protection will be rather more intrusive than in the past, requiring more disassembly.
Just to make it more "fun", you will discover that disassembly to access these systems will also require more work than in the past, with more removal of trim and component layers for access.
Martin great write up. I still believe that there will be a greater need for the use of scopes. measuring an average voltage on a network line with a DVOM is not enough. We need to see the network and verify that its reaching its specified voltage ranges. Also networks are communicating faster, try to use a DVOM to measure a LIN bus.
Hi Thomas. Funny thing is that we've been successfully diagnosing CAN Bus, LIN Bus and more for many years, with a DMM. While a Fluke 87 or 87 III is pushed a bit, a Fluke 87 V is 4 x faster on peak min max @ 250 µS. That is sufficient to identify Bus differential voltage and the difference in voltages on Bus + and Bus - that add up to the 5v. Between scan data, DTCs, a capable DMM and the GM
Seems like the same thing that the information technology industry has gone through from the telephone to the world wide web. We are and have always been as tech's on the physical side of the network. Testing to be sure connections have continuity being the lowest level of the networks stack, we will likely need to become much more technically proficient over the coming years and move into
I agree Jeffrey. Remote "hacking" really should be the focus of malicious hacking, or even quick access with consumer devices such as USBs that can access systems and modify or corrupt programs. Physical access and bypassing gateways is a slightly different prospect and is clearly going to be more time-consuming than in the past. In the end for the diagnostic technician, its just wires…
Question Martin! Looking at your diagram it looks like powertrain will be directly accessible front the DLC. Everything else is routed through the gateway. Mercedes and BMW use a gateway to access other networks. Is there something different that I'm seeing? Not too hard to diagnose problems on those modules.
Hi Mike. The Bus + and Bus - leave the DLC terminals 6 and 14 and enter the BCM, where they take different directions, with the powertrain branch leaving the BCM at X6 and the other branch going to the serial gateway module from BCM connector X1. So, yes it does appear that there is direct connection via the DLC with the powertrain modules. With one termination resistor beyond the serial
I just looked up an 18 Equinox and I see that 6&14 go directly into K9 bcm and out to the powertrain BUS. Everything else goes through K56 gateway. Similar to a BMW network. We do most of our testing at the JBE on this model.
Hi Mike. That is correct. Just for the heck of it, I just tested a 2017 Sierra K1500 with a Serial Gateway Module at 6 and 14 and got the typical 60 and 120 Ω measurements respectively, with the system intact and with the termination resistor at the rear of the truck removed. There will be a few "twists" and "turns" in some testing, depending where modules are on the networks, but to me its
I think it's actually easier to diagnose electrical problems with segregated modules. Software and transceiver issues are more difficult as there is so much information going into the gateway. I wish there were codes for packet loss or lack of acknowledgment. I have a friend who writes software and he imbeds diagnostic information into the software. They may do it and it's just not apparent to
Indeed, Martin. Starting with the 2017 Impreza, Subaru has DLC pins 6 and 14 wired to nothing more than a single 120 ohm resistor in the BIU (Body control). Anything attempting to communicate via the DLC must first pass a background check by the BIU. It will be interesting to see if technicians will expect to see 60 ohms during a dry CAN resistance test, and instead interpret the 120 ohms as a
For sure Leo, there will be some atypical results on some of the networks, if just going by what has worked in the past. There will be more reliance on scan data, DTCs and schematic use, but other than that its just wires, connectors and modules.